Example #1
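 def check_verf(self, rverf, cred):
     """Raise error if there is a problem with reply verifier

     Only RPCSEC_GSS verifiers (flavor 6) are inspected, and only when this
     object already holds a gss_context.  The verifier body is checked as a
     MIC over the XDR-packed sequence number taken from the call credential.
     Every other reply is accepted without inspection.

     Raises SecError when the MIC of a data-exchange reply does not verify.
     """
     if rverf.flavor != 6 or not hasattr(self, 'gss_context'):
         # Not RPCSEC_GSS, or no context available to verify against.
         return
     gss_cred = self._gss_cred_from_opaque_auth(cred)
     p = self.getpacker()
     p.reset()
     p.pack_uint(gss_cred.seq_num)
     d = gssapi.verifyMIC(self.gss_context, p.get_buffer(), rverf.body)
     # Fail closed: the verifyMIC status used to be computed and then
     # discarded, so a reply whose verifier did not match was accepted.
     # NOTE(review): enforcement is limited to RPCSEC_GSS_DATA because the
     # verifier of control-procedure replies may cover a different value
     # than seq_num -- confirm before enforcing it there as well.
     # Assumes SecError, show_major and RPCSEC_GSS_DATA are module-level
     # names in this file -- confirm.
     if gss_cred.gss_proc == RPCSEC_GSS_DATA and \
            d['major'] != gssapi.GSS_S_COMPLETE:
         raise SecError("gssapi.verifyMIC returned: %s" %
                        show_major(d['major']))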
Example #2
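    def check_verf(self, rverf, cred):
        """Raise error if there is a problem with reply verifier

        A verifier is checked only when it is RPCSEC_GSS (flavor 6) and a
        gss_context is present on this object; the verifier body must then
        be a valid MIC over the XDR-packed seq_num of the call credential.
        All other replies pass through unchecked.

        Raises SecError when the MIC of a data-exchange reply is rejected.
        """
        is_gss_reply = rverf.flavor == 6 and hasattr(self, 'gss_context')
        if not is_gss_reply:
            return
        gss_cred = self._gss_cred_from_opaque_auth(cred)
        packer = self.getpacker()
        packer.reset()
        packer.pack_uint(gss_cred.seq_num)
        status = gssapi.verifyMIC(self.gss_context, packer.get_buffer(),
                                  rverf.body)
        if gss_cred.gss_proc != RPCSEC_GSS_DATA:
            # NOTE(review): control-procedure replies keep the previous
            # non-enforcing behaviour; their verifier may not be a MIC over
            # seq_num -- confirm before tightening.
            return
        # The status was previously ignored, which let a reply with a bad
        # verifier through.  Assumes SecError, show_major and
        # RPCSEC_GSS_DATA are module-level names in this file -- confirm.
        if status['major'] != gssapi.GSS_S_COMPLETE:
            raise SecError("gssapi.verifyMIC returned: %s" %
                           show_major(status['major']))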
Example #3
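 def unsecure_data(self, data, cred):
     """Remove gss cruft from procedure arg/res

     The RPCSEC_GSS credential is decoded from cred and selects the handling:

     * service none, or any gss_proc other than RPCSEC_GSS_DATA: data is
       returned untouched (no integrity or privacy check is applied).
     * integrity: data is opaque[seq_num + body] followed by
       opaque[checksum]; the checksum is verified with gssapi.verifyMIC.
     * privacy: data is opaque[wrap(seq_num + body)]; it is unwrapped with
       gssapi.unwrap.

     In both protected cases the embedded sequence number must equal
     gss_cred.seq_num, and the bytes after it are returned.

     Raises SecError on a failed MIC/unwrap, a sequence number mismatch,
     or an unknown service value.
     """
     gss_cred = self._gss_cred_from_opaque_auth(cred)
     if gss_cred.service == rpc_gss_svc_none or \
            gss_cred.gss_proc != RPCSEC_GSS_DATA:
         pass
     elif gss_cred.service == rpc_gss_svc_integrity:
         # data = opaque[gss_seq_num+data] + opaque[checksum]
         p = self.getunpacker()
         p.reset(data)
         data = p.unpack_opaque()
         checksum = p.unpack_opaque()
         p.done()
         # Verify the MIC before trusting anything inside the body.
         d = gssapi.verifyMIC(self.gss_context, data, checksum)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.verifyMIC returned: %s" % \
                   show_major(d['major']))
         p.reset(data)
         seqnum = p.unpack_uint()
         # The sequence number binds the reply to the call it answers.
         if seqnum != gss_cred.seq_num:
             raise SecError(\
                   "Mismatched seqnum in reply: got %i, expected %i" % \
                   (seqnum, gss_cred.seq_num))
         data = p.get_buffer()[p.get_position():]
     elif gss_cred.service == rpc_gss_svc_privacy:
         # data = opaque[wrap([gss_seq_num+data])]
         p = self.getunpacker()
         p.reset(data)
         data = p.unpack_opaque()
         p.done()
         d = gssapi.unwrap(self.gss_context, data)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.unwrap returned %s" % \
                   show_major(d['major']))
         p.reset(d['msg'])
         seqnum = p.unpack_uint()
         if seqnum != gss_cred.seq_num:
             # Report the expected value from the local gss_cred; the
             # message used to read self.gss_cred, which is not the object
             # compared above, so the mismatch could not be reported with
             # the value that was actually checked.
             raise SecError(\
                   "Mismatched seqnum in reply: got %i, expected %i" % \
                   (seqnum, gss_cred.seq_num))
         data = p.get_buffer()[p.get_position():]
     else:
         # Not really necessary, should have already raised XDRError
         raise SecError("Unknown service %i for RPCSEC_GSS" %
                        gss_cred.service)
     return data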
Example #4
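 def unsecure_data(self, data, cred):
     """Remove gss cruft from procedure arg/res

     cred is decoded into an RPCSEC_GSS credential whose service field
     decides what is stripped:

     * rpc_gss_svc_none, or a gss_proc that is not RPCSEC_GSS_DATA:
       nothing is checked and data is returned as received.
     * rpc_gss_svc_integrity: the body and its checksum are unpacked and
       the checksum is verified with gssapi.verifyMIC.
     * rpc_gss_svc_privacy: the wrapped token is unpacked and passed to
       gssapi.unwrap.

     For the two protected services the leading sequence number is compared
     with gss_cred.seq_num and only the bytes following it are returned.

     Raises SecError if verification or unwrapping fails, if the sequence
     number differs, or if the service value is not recognised.
     """
     gss_cred = self._gss_cred_from_opaque_auth(cred)
     if gss_cred.service == rpc_gss_svc_none or \
            gss_cred.gss_proc != RPCSEC_GSS_DATA:
         pass
     elif gss_cred.service == rpc_gss_svc_integrity:
         # data = opaque[gss_seq_num+data] + opaque[checksum]
         p = self.getunpacker()
         p.reset(data)
         data = p.unpack_opaque()
         checksum = p.unpack_opaque()
         p.done()
         # The checksum is validated before the body is parsed further.
         d = gssapi.verifyMIC(self.gss_context, data, checksum)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.verifyMIC returned: %s" % \
                   show_major(d['major']))
         p.reset(data)
         seqnum = p.unpack_uint()
         # A reply carrying another call's sequence number is rejected.
         if seqnum != gss_cred.seq_num:
             raise SecError(\
                   "Mismatched seqnum in reply: got %i, expected %i" % \
                   (seqnum, gss_cred.seq_num))
         data = p.get_buffer()[p.get_position():]
     elif gss_cred.service == rpc_gss_svc_privacy:
         # data = opaque[wrap([gss_seq_num+data])]
         p = self.getunpacker()
         p.reset(data)
         data = p.unpack_opaque()
         p.done()
         d = gssapi.unwrap(self.gss_context, data)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.unwrap returned %s" % \
                   show_major(d['major']))
         p.reset(d['msg'])
         seqnum = p.unpack_uint()
         if seqnum != gss_cred.seq_num:
             # The expected value comes from the local gss_cred that was
             # just compared; the message previously read self.gss_cred,
             # a different lookup from the one used in the check.
             raise SecError(\
                   "Mismatched seqnum in reply: got %i, expected %i" % \
                   (seqnum, gss_cred.seq_num))
         data = p.get_buffer()[p.get_position():]
     else:
         # Not really necessary, should have already raised XDRError
         raise SecError("Unknown service %i for RPCSEC_GSS" % gss_cred.service)
     return data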
Example #5
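 def unsecure_data(self, data, orig_seqnum):
     """Filter procedure results received from server

     self.service selects the handling:

     * rpc_gss_svc_none, or while self.init is true: data is returned
       untouched (nothing is verified).
     * rpc_gss_svc_integrity: data is opaque[seq_num + body] followed by
       opaque[checksum]; the checksum is verified with gssapi.verifyMIC.
     * rpc_gss_svc_privacy: data is opaque[wrap(seq_num + body)]; it is
       unwrapped with gssapi.unwrap.

     In both protected cases the embedded sequence number must equal
     orig_seqnum, and the bytes after it are returned.

     Raises SecError on a failed MIC/unwrap, a sequence number mismatch,
     or an unknown service value.
     """
     if self.service == rpc_gss_svc_none or self.init:
         pass
     elif self.service == rpc_gss_svc_integrity:
         # data = opaque[gss_seq_num+data] + opaque[checksum]
         p = self.getunpacker()
         p.reset(data)
         data = p.unpack_opaque()
         checksum = p.unpack_opaque()
         p.done()
         # Verify the MIC before trusting anything inside the body.
         d = gssapi.verifyMIC(self.gss_context, data, checksum)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.verifyMIC returned: %s" %
                            show_major(d['major']))
         p.reset(data)
         seqnum = p.unpack_uint()
         # The sequence number binds the reply to the call it answers.
         if seqnum != orig_seqnum:
             raise SecError(
                 "Mismatched seqnum in reply: got %i, expected %i" %
                 (seqnum, orig_seqnum))
         data = p.get_buffer()[p.get_position():]
     elif self.service == rpc_gss_svc_privacy:
         # data = opaque[wrap([gss_seq_num+data])]
         # Marked as untested by the original author.
         p = self.getunpacker()
         p.reset(data)
         data = p.unpack_opaque()
         p.done()
         d = gssapi.unwrap(self.gss_context, data)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.unwrap returned %s" %
                            show_major(d['major']))
         p.reset(d['msg'])
         seqnum = p.unpack_uint()
         if seqnum != orig_seqnum:
             # Report the orig_seqnum argument that was compared; the
             # message used to read self.orig_seqnum, which is not the
             # value checked above.
             raise SecError(
                 "Mismatched seqnum in reply: got %i, expected %i" %
                 (seqnum, orig_seqnum))
         data = p.get_buffer()[p.get_position():]
     else:
         raise SecError("Unknown service %i for RPCSEC_GSS" % self.service)
     return data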
Example #6
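 def unsecure_data(self, data, orig_seqnum):
     """Filter procedure results received from server

     What is stripped depends on self.service:

     * rpc_gss_svc_none, or self.init being true: no check is made and
       data is returned as received.
     * rpc_gss_svc_integrity: the body and its checksum are unpacked and
       the checksum is verified with gssapi.verifyMIC.
     * rpc_gss_svc_privacy: the wrapped token is unpacked and passed to
       gssapi.unwrap.

     For the two protected services the leading sequence number is compared
     with orig_seqnum and only the bytes following it are returned.

     Raises SecError if verification or unwrapping fails, if the sequence
     number differs, or if the service value is not recognised.
     """
     if self.service == rpc_gss_svc_none or self.init:
         pass
     elif self.service == rpc_gss_svc_integrity:
         # data = opaque[gss_seq_num+data] + opaque[checksum]
         p = self.getunpacker()
         p.reset(data)
         data = p.unpack_opaque()
         checksum = p.unpack_opaque()
         p.done()
         # The checksum is validated before the body is parsed further.
         d = gssapi.verifyMIC(self.gss_context, data, checksum)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.verifyMIC returned: %s" %
                            show_major(d['major']))
         p.reset(data)
         seqnum = p.unpack_uint()
         # A reply carrying another call's sequence number is rejected.
         if seqnum != orig_seqnum:
             raise SecError(
                 "Mismatched seqnum in reply: got %i, expected %i" %
                 (seqnum, orig_seqnum))
         data = p.get_buffer()[p.get_position():]
     elif self.service == rpc_gss_svc_privacy:
         # data = opaque[wrap([gss_seq_num+data])]
         # The original author flagged this branch as untested.
         p = self.getunpacker()
         p.reset(data)
         data = p.unpack_opaque()
         p.done()
         d = gssapi.unwrap(self.gss_context, data)
         if d['major'] != gssapi.GSS_S_COMPLETE:
             raise SecError("gssapi.unwrap returned %s" %
                            show_major(d['major']))
         p.reset(d['msg'])
         seqnum = p.unpack_uint()
         if seqnum != orig_seqnum:
             # The expected value is the orig_seqnum argument just
             # compared; the message previously read self.orig_seqnum,
             # a different lookup from the one used in the check.
             raise SecError(
                 "Mismatched seqnum in reply: got %i, expected %i" %
                 (seqnum, orig_seqnum))
         data = p.get_buffer()[p.get_position():]
     else:
         raise SecError("Unknown service %i for RPCSEC_GSS" % self.service)
     return data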